On Wed, 2008-10-08 at 09:03 +1100, Ben Finney wrote:
> Which seems to come to a contradictory conclusion
> http://lists.debian.org/debian-legal/2006/07/msg00009.html>;
i.e.
> that the license *is* free under the DFSG. (On a quick reading, I
> incline more toward the “non-free” side, but that's not something to
> be discussed at length here.)
>
> I'd very much like to see Tom Calloway's reference for *why* the
> license terms are such a serious risk; preferably, placed in (or
> linked from) the Fedora wiki page where the work is forbidden.
Sorry for the delay, I just needed to clear it with counsel for me to
share our analysis.
These remarks are against v2.5 of the TrueCrypt license:
Section III:
1. d. : This provision requires distribution of source code if you
distribute "Your Product". However, it says
To meet this condition, it is sufficient that You merely include the
source code with every copy of Your Product that You make and
distribute . . . *provided that You make the copies available to the
general public free of charge*; it is also sufficient that You merely
include information . . . about where the source code can be freely
obtained . . . with every copy of Your Product that You make
and distribute . . . *provided that You make the copies available to
the general public free of charge*.
This is ambiguous, but the best reading of "the copies" seems to refer
to "every copy of Your Product that You make and distribute". That
therefore means that if you distribute modified versions of TrueCrypt,
you cannot charge for copies. That is non-free.
We suggested that the first paragraph of 1d be changed to:
If you distribute Your Product in a form other than source code, the
complete source code of Your Product must be freely and publicly
available (for exceptions, see Section III.2) at least until You
cease to distribute Your Product. To meet this condition, it is
sufficient that You merely include the source code with every copy of
Your Product that You make and distribute (see also below in this
Subsection III.1.d for conditions that licenses governing the source
code must meet) provided that you make the source code available to
the general public free of charge; it is also sufficient that You
merely include information (valid and correct at least until You cease
to distribute Your Product) about where the source code can be freely
obtained (e.g. an Internet address, etc.) with every copy of Your
Product that You make and distribute (see also below in this
Subsection III.1.d for conditions that licenses governing the source
code must meet) provided that You make the source code available to
the general public free of charge.
In addition, because there is no counterpart in III to II.2, there is
some doubt about whether "Your Product" can be used commercially.
Therefore, the following clause should be added to section III:
Provided that You comply with all applicable terms and conditions of
this License, You may use Your Product freely on any number of
computers/systems for non-commercial and/or commercial purposes.
Alternatively, II.2 could be generalized to "Your Product" as well as
"This Product".
Section VI, Paragraph 2:
The license says:
NOTHING IN THIS LICENSE SHALL IMPLY OR BE CONSTRUED AS A PROMISE,
OBLIGATION, OR COVENANT NOT TO SUE FOR COPYRIGHT OR TRADEMARK
INFRINGEMENT.
We proposed that it be replaced with:
NOTHING IN THIS LICENSE SHALL IMPLY OR BE CONSTRUED AS A PROMISE,
OBLIGATION, OR COVENANT NOT TO SUE FOR TRADEMARK INFRINGEMENT.
While Fedora certainly has no intent to commit copyright infringement,
our
counsel advises that licenses are promises not to sue. If Fedora
complies with all of the conditions and/or obligations imposed by this
license, we would not be protected from a lawsuit from TrueCrypt. If we
cannot rely on this license granting us copyright permissions, counsel
advises us that this license is non-free.
The TrueCrypt license term in question declares that nothing in the
license constitutes a promise not to sue for copyright infringement. Our
counsel advises that a plain reading of this indicates that if Fedora
complies with all the requirements of the TrueCrypt license, we would
nonetheless have no assurance that TrueCrypt will not sue me for my acts
of copying, distribution, creation of derivative works, and so forth.
Normally, a free software license can be considered as a promise
not to sue for actions that are allowed under the license. Our counsel
noted that it is a promise not to sue for actions that are
allowed under the license *even if those actions would otherwise
constitute copyright infringement*. The statement in the TrueCrypt
license casts doubt on whether the fully compliant licensee is shielded
from the possibility of a copyright infringement suit from TrueCrypt (to
which no defense of license would be effective).
To be blunt, our counsel advised that what the TrueCrypt license
explicitly
says is that no matter how faithfully we comply with those conditions
or
obligations, we still have no expectation that such compliance gives
rise
to any obligation or undertaking on TrueCrypt's part not to sue us for
copyright infringement.
TrueCrypt seems to be reserving the right to sue any licensee for
copyright infringement, no matter whether they comply with the
conditions of the license or not. Based on this, our counsel advised
that above and beyond being non-free, software under this license is not
safe to use.
Section VI, Paragraph 3:
The license says:
3. This license does not constitute or imply a waiver of any
intellectual
property rights. This license does not transfer, assign, or convey any
intellectual property rights (e.g., it does not transfer ownership of
copyrights or trademarks).
We proposed that it be replaced with:
This License does not constitute or imply a waiver of any
intellectual property rights, other than as specifically stated in
this License. This License does not transfer, assign, or convey any
intellectual property rights (e.g., it does not transfer ownership of
copyrights or trademarks).
The rational provided by our counsel is as follows:
In effect TrueCrypt ought to be waiving certain of its rights for this
to be operative as a license. Free software licenses do involve waivers
of rights.
Our counsel advised us that this license has the appearance of being
full of clever traps, which make the license appear to be a sham (and
non-free).
There were other minor issues that might also make the license non-free,
but given TrueCrypts unwillingness to address any of these more serious
issues, I have omitted them.
Hope that helps,
~tom
_______________________________________________
Distributions mailing list
[email protected]http://lists.freedesktop.org/mailman/listinfo/distributions